Crowdstrike installer action script not working

Hi I am trying to install crowdstrike but getting an issue. I think i may be doing something wrong but cannot see the wood for the trees.
This is my complete action script and it works up to the actual installer. I have disabled all but last line as i was trying different installer lines.

//action uses wow64 redirection {not x64 of operating system}
//dos md c:\temp\Crowdstrike
//prefetch 9ba4e042d74f53c74aa52c4489fdf07aee0eb202 sha1:9ba4e042d74f53c74aa52c4489fdf07aee0eb202 size:141811699 http://FLBF01:52311/Uploads/9ba4e042d74f53c74aa52c4489fdf07aee0eb202/WindowsSensor.exe.tmp sha256:08e535392dd49968bb02d63564f13827b426a8f44b813c96b3cb441341df8a84
//extract 9ba4e042d74f53c74aa52c4489fdf07aee0eb202 "c:\temp\Crowdstrike"

waithidden dos c:\temp\Crowdstrike\WindowsSensor.exe /install /quiet /norestart APP_PROXYNAME=IPADDRESS APP_PROXYPORT=PORTNO CID=OURCID grouping_tags=APPID

I have also tried
waithidden dos “c:\temp\Crowdstrike\WindowsSensor.exe /install /quiet /norestart APP_PROXYNAME=IPADDRESS APP_PROXYPORT=PORTNO CID=OURCID grouping_tags=APPID”

And

waithidden dos “c:\temp\Crowdstrike\WindowsSensor.exe” /install /quiet /norestart APP_PROXYNAME=IPADDRESS APP_PROXYPORT=PORTNO CID=OURCID grouping_tags=APPID

Any Help gratefully received please

What happens if you use the CMD prompt to run the command locally?

Additionally, what happens if you execute the following in the Fixlet Debugger?

waithidden "c:\temp\Crowdstrike\WindowsSensor.exe" /install /quiet /norestart APP_PROXYNAME=IPADDRESS APP_PROXYPORT=PORTNO CID=OURCID grouping_tags=APPID

If needed, adjust the action uses wow64 redirection setting before execution.

If i run command without the “” from cmd shell it works? Also fixlet debugger says all ok. I guess it ios happy that it is kicking off the cmd but as it is a DOS command it knows no different

What exit code are you getting in the besclient log?
Does the CID or any other parameter contain the { symbol, and if so, did you escape it as {{ ?

Hi Jason
Command succeeded (Exit Code=1)
No curly brackets used at all.

Ok, that exit code would usually indicate a failure of some kind in the command.

Does your proxy require authentication? It may be that when running under your user account, proxy authentication is working transparently but the same may not work when running under the LocalSystem computer account?

Do you get the same exit code 1 when running from the Fixlet Debugger? The Debugger would be executing under your user account rather than LocalSystem so that would help determine whether it could be a proxy auth issue.

We have a policy in place that works for installing CS. It works great. Not sure what is going on with your command but here is what we use.

We are multi-tenant and each customer has a different CID.
Each customer has a site and we put a policy in place to set a reg key with the CID.

So our installer fixlet looks like this.

Relevance:

Action:

prefetch WindowsSensor.MaverickGyr.exe sha1:A25C01E813654EE4F3480853AEFA7B3F32DEB46D size:149949440 http://bigfixserver:52311/CustomRepo/WindowsSensor.MaverickGyr.exe sha256:AA65E1C83A5118298EEC3D16BF0274925ED6DE48E979493CF871081822106370

parameter "CUSTCSID"="{value "CUSTCSID" of key "HKEY_LOCAL_MACHINE\SOFTWARE\OurCompany\" of x64 registries}"

folder delete "c:\Installers\custinstallers\Crowdstrike"
folder create "c:\Installers\custinstallers\Crowdstrike"

move "__download/WindowsSensor.MaverickGyr.exe" "c:\Installers\custinstallers\Crowdstrike\WindowsSensor.MaverickGyr.exe"

waithidden cmd /c "c:\Installers\custinstallers\Crowdstrike\WindowsSensor.MaverickGyr.exe" /install /quiet /norestart CID={parameter "CUSTCSID" of action}

This has been working for years. :slight_smile:

2 Likes